Looks like Time Warner Cable Internet users won’t be having an error-free weekend. Zombie computers have been attacking the company’s Southern California operation all week. Customers have been getting intermittent “page cannot be displayed” errors (although see the quick fix below).

The attack is not limited to O.C. Jeff Simmermon, Time Warner’s director of digital communications, just offered an update tonight that mentions attacks have been felt in Ohio, Indiana, Nebraska, Alabama, Idaho, Washington, Kansas and Missouri, Virginia, West Virginia, Arizona, California and Colorado.

Under attack is Time Warner’s Domain Name System, which lets us type in easy-to-remember words (like ocregister.com) as opposed to numbers (69.25.233.228). If a customer types in a site’s IP address, they’ll get to the site. But who memorizes those numbers? That’s why we have DNS.

“We are deploying more hardware and software, and wetware (human) resources to handle the increased load during attacks and mitigate their impact on our customers and continuing to work with law enforcement authorities as well,” he said in his note.

I called Steve Gibson, founder of long-time computer security firm Gibson Research Corp. in Irvine. He pointed out many things to me. Like, the Internet STILL WORKS.

If you know the Web site’s IP address, type it in and the site will pull up. Same is true if the IP address is still in your Internet browser’s cache. However, since most of us don’t know the IP numbers, we rely on DNS to take us to the right site.

Time Warner says that a team of ‘zombie’ computers launched a denial of service attack. They essentially are sending a gazillion requests and Time Warner’s DNS has been overwhelmed trying to fill all those requests. It could come from hackers targeting Time Warner’s DNS or from people spoofing Time Warner in the return address. Either way, the company’s DNS can’t handle it.

As a security expert whose site has been attacked many times, Gibson said that typically, these attacks end after a few hours and companies move on. The length of this attack means that this is pretty serious.

“The longer it lasts, the more believable it is because there is nothing they can do. If this were their fault, they certainly would have fixed it by now,” Gibson said.

Gibson’s own site was most recently attacked last year by some “script kiddie” who launched the attack and forgot about it. Gibson moved his whole site to a new IP address. When he checked the old location three months later, the attack was still going on.

“It’s that casual. It’s that easy, although it’s much less common for it to happen to a large company,” Gibson said. “Normally, the attack targets a customer and then the customer’s (Internet Service Provider) is able to block any traffic aimed at that customer.”

“The fact that this attack is aimed at DNS servers makes it much more logistically difficult to stop the attack,” Gibson said. Time Warner would have to change all of its IP addresses and convince customers to reboot their cable modem so they too could get the update.

There is a solution: Customers can choose to use an alternative DNS company. The most popular are OpenDNS and Level 3 Communications. If you set your computer to check OpenDNS or other service instead of using Time Warner’s system, you’ll be back to normal in no time. OpenDNS has really nice image-friendly guides to show newbies how to make the switch:

Refunds: Time Warner also says it is not offering blanket refunds but will credit customers on a case-by-case basis. Customers can call the support line at 888-TWCABLE to ask for credit.

“I’d expect to be reimbursed for my costs for the week,” Gibson said. “I’m paying for service. … Like when Gmail had a short outage for 2 hours the other day and it was like ‘Oh my God, the world is ending!’ because people are so dependent on it. They assume it’s going to be there and when it’s not, it’s like the end of their lives.”

Join the Conversation

We invite you to use our commenting platform to engage in insightful conversations about issues in our community. Although we do not pre-screen comments, we reserve the right at all times to remove any information or materials that are unlawful, threatening, abusive, libelous, defamatory, obscene, vulgar, pornographic, profane, indecent or otherwise objectionable to us, and to disclose any information necessary to satisfy the law, regulation, or government request. We might permanently block any user who abuses these conditions.

If you see comments that you find offensive, please use the “Flag as Inappropriate” feature by hovering over the right side of the post, and pulling down on the arrow that appears. Or, contact our editors by emailing moderator@scng.com.